Get-EntraDirectoryRoleMember

Get-EntraDirectoryRoleMember

    -DirectoryRoleId <String>
    [-Property <String[]>]
    [<CommonParameters>]

The Get-EntraDirectoryRoleMember cmdlet retrieves the members of a directory role in Microsoft Entra ID. To obtain the members of a specific directory role, specify the DirectoryRoleId. Use the Get-EntraDirectoryRole cmdlet to get the DirectoryRoleId value.

In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles are supported for this operation:

• User Administrator
• Helpdesk Administrator
• Service Support Administrator
• Billing Administrator
• Directory Readers
• Directory Writers
• Application Administrator
• Security Reader
• Security Administrator
• Privileged Role Administrator
• Cloud Application Administrator

Connect-Entra -Scopes 'RoleManagement.Read.Directory'
$directoryRole = Get-EntraDirectoryRole -Filter "displayName eq 'Helpdesk Administrator'"
Get-EntraDirectoryRoleMember -DirectoryRoleId $directoryRole.Id | Select Id, DisplayName, '@odata.type', CreatedDateTime

id                                   displayName     @odata.type            createdDateTime
--                                   -----------     -----------            ---------------
bbbbbbbb-7777-8888-9999-cccccccccccc Debra Berger    #microsoft.graph.user  10/7/2024 12:31:57 AM
cccccccc-2222-3333-4444-dddddddddddd Contoso Group   #microsoft.graph.group 11/12/2024 9:59:43 AM

This example retrieves the members of the specified role.

• -DirectoryRoleId parameter specifies directory role ID.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.